SaaS Cyber Security Specialist

• Identifying, onboarding, and evaluating SaaS Solutions onto our security tools and functions to enhance security around Ford-used SaaS solutions.
• Developing and managing security policies in the following advanced security tools:
• AppOmni
• Microsoft Defender For Cloud Apps (MDCA)
  

Responsibilities

• Collaborate with fellow SaaS Security team members and cross-functional teams to proactively identify, analyze, and resolve SaaS security issues, ensuring a robust and secure environment.
• Partner and lead remediation efforts with EPEO Services teams and other stakeholders to mitigate identified security risks and ensure timely resolution.
• Drive the enforcement and continuous improvement of SaaS Security Compliance Standards across Ford's diverse SaaS landscape.
• Design, develop, and implement robust automation solutions for critical security workflows, audits, and policy management within platforms like AppOmni, Microsoft Defender for Cloud Apps (MDCA), and exception handling processes.
• Lead the technical evaluation and strategic adoption of new security tools and technologies to effectively address emerging security gaps and enhance our defense capabilities.
  

Qualifications

Desired Skills:

• Deep hands-on experience with SaaS Security Posture Management (SSPM) and Cloud Access Security Broker (CASB) tools, specifically AppOmni and Microsoft Defender for Cloud Apps (MDCA), including policy development, incident response, and integration.
• Proficiency in Microsoft Entra (formerly Azure AD) for identity and access management within SaaS environments.
• Proven experience in developing and implementing automation using scripting languages such as Python, PowerShell, or Go, particularly for API integrations, security tool orchestration, and custom audit scripts.
• Solid understanding and practical experience with Git and GitHub for version control, collaborative development, and security automation pipeline management.
• Familiarity with CI/CD pipelines and automated deployment tools (e.g., Jenkins, Azure DevOps, GitHub Actions) to integrate security automation into the software development lifecycle.
• Knowledge of Infrastructure-as-Code (IaC) principles and tools like Terraform.
• Comprehensive understanding of security best practices for enterprise-level SaaS deployments, cloud platforms (GCP, Azure), and common web application security frameworks.
• Demonstrated experience in the secure configuration and functionality of key enterprise SaaS solutions, including but not limited to: Microsoft 365 (M365), Salesforce, GitHub, ServiceNow, Jira, and Miro.
  

Required Skills:

• Customer-centric mindset with a strong commitment to collaboration and team success.
• Proactive self-starter with a continuous learning aptitude, capable of quickly adapting to new technologies and threats.
• Excellent verbal and written communication skills with the ability to articulate complex security concepts to technical and non-technical audiences.
• Exceptional problem-solving and analytical reasoning skills to diagnose and resolve intricate security challenges.
• Strong drive for results, demonstrating the ability to manage multiple priorities and work effectively both independently and as part of a team.
• Unwavering commitment to quality and adherence to project timelines and deliverables.
• Practical familiarity with Agile project planning methodologies and hands-on experience using Jira for task tracking and project management in a security context.
• Proficiency in documenting technical processes, procedures, and security configurations to ensure maintainability and knowledge transfer.